Tracking logging in events

I was looking through raw access logs wondering what is an ultimate criteria to spot all logins.

I have used ‘grep’ searching for ‘login’, ‘wp-admin’, even ‘/wp-admin/images/wordpress-logo’ and still no clear results. Some IP’s which belong to bots from all over to world messing up with access logs.

What would be the ultimate keyword to search through logs just to make sure only logged in IP’s would appear?